Introduction

IRIS Security Training Requirements We're building a security syllabus for IRIS: - who is in scope for this? - what are the most important topics? Scope - service managers (more of a policy approach to services) - system administrators (more of a technical approach to services) - users (researchers) - users as sysadmins(cloud) - management (impact) Notes - security professionals (less in scope) - infrastructure operations (AAAI etc) are particular examples of service management * Need to train security professionals with new infrastructure workflows Topics Users - - best practice - current/modern outlook - assumptions - noticing something that is odd - contact points!

Endpoint and IRIS security requirements Building a set of IRIS security capabilities across our sites and services - infrastructure requirements - organisational requirements - site requirements - how do we make progress?